Re: [TLS] draft-wang-tls-raw-public-key-with-ibc-10

Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Sun, 24 March 2019 12:05 UTC

From: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Sun, 24 Mar 2019 12:05:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/R5j4MTIbi79INwhi4RbE525AhWA>
Subject: Re: [TLS] draft-wang-tls-raw-public-key-with-ibc-10

Hi, Stephen

Thanks much for your comments. 

As IBS uses a centralized PKG to generate keys for the peer, some users are concerned about this feature.
However, for some usage scenarios such as telecom operators, key escrow is not an issue, since
in the current telecom networks all the mobile devices are embedded with a root key in their USIM card,
which is known to the home operators. So knowing the private keys of devices is not an issue, depending
on the usage of the keys.

If users worry about this feature, can we make it an optional feature, so that only when companies want to use
it can they enable this feature or patch the library?

Best regards.

Haiguang       
________________________________________
From: Stephen Farrell [stephen.farrell@cs.tcd.ie]
Sent: Saturday, 23 March, 2019 2:24:03 AM
To: Eric Rescorla; Wang Haiguang
Cc: tls@ietf.org
Subject: Re: [TLS] draft-wang-tls-raw-public-key-with-ibc-10

Hiya,

On 21/03/2019 13:46, Eric Rescorla wrote:
> In addition, the inherent escrow capability that you describe in Section 7
> is a way in which IBC systems are materially worse than PKI systems in a
> way we don't know how to ameliorate (as opposed to CT).

I agree with Ekr here. I'd go further and argue that applications
really need to be aware that somewhere there's a key generator who
knows all private keys and that it'd be too dangerous for that
kind of difference to be hidden inside a TLS library.

> For these reasons, I don't think this WG should adopt this work, though
> the process allows you to have a code point without adoption.

+1

Cheers,
S.